maskDir mounts a read-only tmpfs on top of the specified path.
(path, mountLabel string)
| 1323 | |
| 1324 | // maskDir mounts a read-only tmpfs on top of the specified path. |
| 1325 | func maskDir(path, mountLabel string) error { |
| 1326 | return mount("tmpfs", path, "tmpfs", unix.MS_RDONLY, label.FormatMountLabel("nr_blocks=1,nr_inodes=1", mountLabel)) |
| 1327 | } |
| 1328 | |
| 1329 | // maskPaths masks the top of the specified paths inside a container to avoid |
| 1330 | // security issues from processes reading information from non-namespace aware |
no test coverage detected
searching dependent graphs…